Hiding Communication of Essential Services by System Call Proxy

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Security software, which is one of the essential services, is considered to be important due to an increase in attacks on computers. The essential services are provided by processes which sometimes involve file manipulation and communication. Also, the essential services can be a target of attacks and be disabled because they can be an obstacle to attackers. Attackers can speculate essential services by monitoring the behavior of the processes. To avoid such attacks on essential services, methods for hiding their behavior are proposed. The methods use a virtual machine (VM) monitor for making it difficult for attackers to identify essential services by hiding process information and file manipulation. However, communication information remains visible to attackers. To address this problem, this study proposes a method for hiding the communication of essential services by using a system call proxy. We assume that a process providing essential services (essential process) runs on a protection target VM and a proxy process runs on a proxy VM. In the proposed method, system calls in the communication invoked by the essential process are executed by the proxy process. The system calls invoked by the proxy process are not executed on the protection target VM; therefore, attackers cannot identify the communication of essential services by monitoring their communication. This paper presents the design, implementation, and evaluation of the proposed method.

Original languageEnglish
Title of host publicationProceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages47-56
Number of pages10
ISBN (Electronic)9781538691823
DOIs
Publication statusPublished - Dec 27 2018
Event6th International Symposium on Computing and Networking, CANDAR 2018 - Takayama, Japan
Duration: Nov 27 2018Nov 30 2018

Publication series

NameProceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018

Conference

Conference6th International Symposium on Computing and Networking, CANDAR 2018
CountryJapan
CityTakayama
Period11/27/1811/30/18

Fingerprint

Communication
Monitoring
Virtual machine

Keywords

  • Attack Avoidance
  • Communication Hiding
  • Virtual Machine

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Okuda, Y., Sato, M., & Taniguchi, H. (2018). Hiding Communication of Essential Services by System Call Proxy. In Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018 (pp. 47-56). [8594743] (Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2018.00014

Hiding Communication of Essential Services by System Call Proxy. / Okuda, Yuuki; Sato, Masaya; Taniguchi, Hideo.

Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018. Institute of Electrical and Electronics Engineers Inc., 2018. p. 47-56 8594743 (Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Okuda, Y, Sato, M & Taniguchi, H 2018, Hiding Communication of Essential Services by System Call Proxy. in Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018., 8594743, Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018, Institute of Electrical and Electronics Engineers Inc., pp. 47-56, 6th International Symposium on Computing and Networking, CANDAR 2018, Takayama, Japan, 11/27/18. https://doi.org/10.1109/CANDAR.2018.00014
Okuda Y, Sato M, Taniguchi H. Hiding Communication of Essential Services by System Call Proxy. In Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 47-56. 8594743. (Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018). https://doi.org/10.1109/CANDAR.2018.00014
Okuda, Yuuki ; Sato, Masaya ; Taniguchi, Hideo. / Hiding Communication of Essential Services by System Call Proxy. Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 47-56 (Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018).
@inproceedings{c3a6feecccc54dedb4ae6384c50f101e,
title = "Hiding Communication of Essential Services by System Call Proxy",
abstract = "Security software, which is one of the essential services, is considered to be important due to an increase in attacks on computers. The essential services are provided by processes which sometimes involve file manipulation and communication. Also, the essential services can be a target of attacks and be disabled because they can be an obstacle to attackers. Attackers can speculate essential services by monitoring the behavior of the processes. To avoid such attacks on essential services, methods for hiding their behavior are proposed. The methods use a virtual machine (VM) monitor for making it difficult for attackers to identify essential services by hiding process information and file manipulation. However, communication information remains visible to attackers. To address this problem, this study proposes a method for hiding the communication of essential services by using a system call proxy. We assume that a process providing essential services (essential process) runs on a protection target VM and a proxy process runs on a proxy VM. In the proposed method, system calls in the communication invoked by the essential process are executed by the proxy process. The system calls invoked by the proxy process are not executed on the protection target VM; therefore, attackers cannot identify the communication of essential services by monitoring their communication. This paper presents the design, implementation, and evaluation of the proposed method.",
keywords = "Attack Avoidance, Communication Hiding, Virtual Machine",
author = "Yuuki Okuda and Masaya Sato and Hideo Taniguchi",
year = "2018",
month = "12",
day = "27",
doi = "10.1109/CANDAR.2018.00014",
language = "English",
series = "Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "47--56",
booktitle = "Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018",

}

TY - GEN

T1 - Hiding Communication of Essential Services by System Call Proxy

AU - Okuda, Yuuki

AU - Sato, Masaya

AU - Taniguchi, Hideo

PY - 2018/12/27

Y1 - 2018/12/27

N2 - Security software, which is one of the essential services, is considered to be important due to an increase in attacks on computers. The essential services are provided by processes which sometimes involve file manipulation and communication. Also, the essential services can be a target of attacks and be disabled because they can be an obstacle to attackers. Attackers can speculate essential services by monitoring the behavior of the processes. To avoid such attacks on essential services, methods for hiding their behavior are proposed. The methods use a virtual machine (VM) monitor for making it difficult for attackers to identify essential services by hiding process information and file manipulation. However, communication information remains visible to attackers. To address this problem, this study proposes a method for hiding the communication of essential services by using a system call proxy. We assume that a process providing essential services (essential process) runs on a protection target VM and a proxy process runs on a proxy VM. In the proposed method, system calls in the communication invoked by the essential process are executed by the proxy process. The system calls invoked by the proxy process are not executed on the protection target VM; therefore, attackers cannot identify the communication of essential services by monitoring their communication. This paper presents the design, implementation, and evaluation of the proposed method.

AB - Security software, which is one of the essential services, is considered to be important due to an increase in attacks on computers. The essential services are provided by processes which sometimes involve file manipulation and communication. Also, the essential services can be a target of attacks and be disabled because they can be an obstacle to attackers. Attackers can speculate essential services by monitoring the behavior of the processes. To avoid such attacks on essential services, methods for hiding their behavior are proposed. The methods use a virtual machine (VM) monitor for making it difficult for attackers to identify essential services by hiding process information and file manipulation. However, communication information remains visible to attackers. To address this problem, this study proposes a method for hiding the communication of essential services by using a system call proxy. We assume that a process providing essential services (essential process) runs on a protection target VM and a proxy process runs on a proxy VM. In the proposed method, system calls in the communication invoked by the essential process are executed by the proxy process. The system calls invoked by the proxy process are not executed on the protection target VM; therefore, attackers cannot identify the communication of essential services by monitoring their communication. This paper presents the design, implementation, and evaluation of the proposed method.

KW - Attack Avoidance

KW - Communication Hiding

KW - Virtual Machine

UR - http://www.scopus.com/inward/record.url?scp=85061514902&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85061514902&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2018.00014

DO - 10.1109/CANDAR.2018.00014

M3 - Conference contribution

T3 - Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018

SP - 47

EP - 56

BT - Proceedings - 2018 6th International Symposium on Computing and Networking, CANDAR 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -